Cloaking is a way to hide the real hostname of users on IRC. For example if your real host is d5142341.cable.wanadoo.nl then without cloaking a join will look like this:
*** User (~firstname.lastname@example.org) has joined #test
With cloaking enabled users will see:
*** User (~none@rox-2DCA3201.cable.wanadoo.nl) has joined #test
As you can see the host is cloaked (disguised, partially hidden) so other people don't get to see your real hostname nor your IP. This feature is useful to prevent users from flooding/attacking each other, they can't flood the other party without knowing their real host/IP. The host is not just cloaked in JOIN's, it's also hidden in PART, WHOIS, etc.. every command that would otherwise have exposed your real host or IP to another user.
Cloaking is controlled by usermode +x (like: /mode yournick +x). Normally admins force +x to be enabled by default (through set::modes-on-connect).
A cloaked host is generated by a cloaking module. You must load at least one cloaking module, but don't worry about it too much as the default modules.default.conf (that almost everyone uses) will load the default cloaking module shipped with UnrealIRCd. It's also possible to use another cloaking algorithm created by a 3rd party.
The cloaking algorithm requires (secret) cloaking keys to be set, see set::cloak-keys for more information.
Cloak keys MUST be the same on ALL SERVERS in a network. Also cloak keys must be kept secret because it's possible to decode (or rather: brute force) the original host when you know the keys, doing so would make the whole point of cloaking useless.
Note that while cloaking protects the individual from having the IRC server expose the IP/hostname of the user, there are still plenty of other ways for a user to expose his/her IP. For example, if you ask a user to surf to a website under your own control, and the user does this, you could then check the log file of your web server to see the users' IP.